Definitions – Intentional Acts

The actor parameter describes the actors who could have the intentions and capacities to pose a threat to the Piql Preservation Services. The relevant values assigned here are state, network, company and individual.

A state is a sovereign political entity, meaning that it is subject to no one’s laws but the ones they themselves choose to be subjected to. As such, it is the highest level of political

organisation in the international system of actors.

A network is here understood as a form of organisation which lacks a formal structure with hierarchical levels and a clearly defined leadership. Rather, networks are made up of nodes.

Some of the nodes may have a more central role than others, but they operate largely independently from one another. The nodes may be located in different countries, and cross-border operations are common where information and resources may flow across national borders, due to the advances made in telecommunications. A network may have an ideological or economic impetus. Examples of the former could include such wide varieties as terrorist cells and volunteering organisations, while the latter could include Mafias and cartels. A group, an organisation, a society or an association are here understood as synonyms to a network.

A company is any entity that engages in some form of business to make money, i.e. making, buying or selling goods or providing services in exchange for money [72]. Companies can be structured in different ways, but they all have a hierarchical structure with a clearly defined leadership which delegates tasks and manages its personnel in hierarchical levels from top to bottom. The level of responsibility and therefore liability is similarly diluted as we move down a level. A firm, a business, a corporation or an enterprise are here understood as synonyms to a company.

An individual is primarily understood as a person acting alone and on behalf of him- or herself, but nevertheless with the potential to greatly influence outcomes. He or she may also act with one or more accomplishes, and for reasons bigger than his or her idiosyncratic interest, but he or she is not connected directly to a larger context, such a network.

The goal parameter specifies the possible goals that a threat actor would hope to achieve, or the incentives for their actions towards the Piql Preservation Services. The relevant values assigned here are political power, market power, economic gain and idiosyncratic interest.

Political power can be gained from the possession of an object – in this case, the information on the piqlFilm – in the sense that the knowledge of what is on the film can give a threat actor increased influential power on a general level. An example would be if a state acquired instructions to build a new type of weapon system. Even without the intention of using said

weapon system on a specific party, the general having of the weapon system can increase the state’s influence generally on the world stage. It can also lead to increased authority in a bilateral relationship more specifically. The knowledge gained from the acquiring of the piqlFilm can be used directly to force certain behaviour, or indirectly when the counterparts’

knowledge of you having the information is enough to give them an elevated position, even when they do not intend to make practical use of the information you have.

Market power is understood here as a more abstract notion than the financial reward to be had from economic gain. Market power is gained when an entity’s standing in the market is increased, or its reputation in improved, without this being directly connected to an increase in profit. An example may be if an entity gets access to innovative technology.

When a threat actor acts due to motivation of economic gain, he or she does so because they imagine there is a financial reward to be had in acquiring an object – in this case, the

information on the piqlFilm. The economic gain can be direct, meaning that usage of the object may result in direct potentially long-term profit, or it can be indirect, meaning that the object can be sold to a third party for a short-term profit.

If a threat actor seeks to gain possession of an object solely to appease his or her own wishes, they act out of idiosyncratic interest.⁴⁷ Such interests can be the destruction of the film for destruction’s sake, perhaps governed by a wish for revenge.

The method parameter describes the actions a threat actor would take to achieve their goals.

The methods vary regarding how demanding they are to implement, and thus represent different levels of ambition and capacity [39 p.13]. The relevant values assigned here are physical destruction, physical manipulation, logical destruction, logical manipulation and insider.

With regards to method, it is distinguished between physical and logical attacks on the assets in question, as well as employing the method of engaging an insider to do the job. As the Piql Preservation Services is both an online and offline medium during different phases in the service journey, it is subject to threats and hazards of both a logical [56 p.18] and physical nature: by logical threats or hazards we mean threats faced by the Piql Preservation Services while the information is stored or transferred electronically; by physical threats and hazards we mean all that may harm the physical infrastructure of the Piql Preservation Services, including its components and their critical dependencies. Within the separation between physical and logical we also distinguish between destruction and manipulation, as both types of attacks can result in the irreparable damage of the information or the subtle altering of the information.

Physical destruction entails damaging the medium containing the information, i.e. after the information has been transferred to the film, beyond repair. It also entails the destruction of other objects and materials that make up the Piql Preservation Services, such as the machines required to develop the piqlFilm, or the finer electronics of the piqlVault system. Additionally,

47 According to The Concise Oxford English Dictionary [44], idiosyncrasy is defined as a mode of behaviour or way of thought specific to an individual.

it involves the destruction of all physical barriers which prevents or delays unwanted behaviour towards the asset that is protected, such as the fortified walls of the piqlVault, and all electronic equipment or solutions which support, combine with or replace the physical measures, such as access control card readers. An example of such destruction would be a very powerful bomb which obliterates an entire building.

Physical manipulation targets all the same objects and materials as physical destruction, but is less severe. The objects in question are not damaged beyond repair, but simply put out of action for a time. Manipulation is defined as being too subtle and requiring too much finesse to use indiscriminate weapons. Tampering with the physical piqlFilm to erase or add frames after it has been printed; tampering with the piqlWriter to adjust settings so that the printing process is altered; cutting cables to deactivate alarm systems or ventilation systems; performing

unauthorised operations directly on a Piql Preservation Services computer that cannot be accessed remotely; setting off a small explosive device whose blast radius is easily controlled to break through a door; or simply pick the lock: all these actions fall under the parameter of physical manipulation. The storage facility and the production site, including their components and structural dependencies are somehow physically manipulated. The purpose of these actions is in some way to compromise the CIA of the relevant piqlFilms. The physical nature of the act must be stressed, however, meaning that the threat has to be physically present to perform the deed, either touching the entity or device in question or being in the necessary proximity to send or receive the necessary signals. We also define this parameter to include the physical removal of a piqlFilm without authorisation. In this way, the predetermined daily routine of the piqlFilm is altered, or manipulated.

Logical destruction entails irreparably damaging the information during the periods when it is not on the piqlFilm, i.e. either during ingestion or for a brief window during the data retrieval.

Unlike the parameter requiring physical proximity in order to alter a process or object, this parameter consists only of operations that can be done remotely by gaining access to a Piql Preservation Services computer through hacks. Using various software tools, such as certain types of malware and viruses, entire files of information or just parts of the files are damaged beyond repair or deleted altogether.

Logical manipulation involves the same tactics as logical destruction, but here the purpose is not to destroy, but to gain access to embed malicious code, through the use of certain types of malware, in order to alter the information. Using the same reasoning as with physical

manipulation, we also place the unauthorized logical extraction of data under this parameter, perhaps through the use of spyware. The sophistication of the Piql IT security architecture is such that we do not deem it possible for an individual without knowledge of the Piql Preservation Services, i.e. an employee, to gain access to the system.

Finally, the method insider entails engaging someone with intimate and unique knowledge of the Piql Preservation Services to perform the necessary operations, either physical or logical, in order for a third party to achieve their goals. By definition, an insider is someone privy to

information unavailable to others, and, as such, can perform the operations with more ease and at a lesser risk and cost [44].

The means parameter describes the relevant resources a threat actor might employ to implement a given method, their capacities. The specific acts required of the given method are also briefly touched upon.

By conventional weapons we mean weapons that are in relatively wide use. There is a natural delimitation against weapons of mass destruction, which is elaborated upon below.

Conventional weapons include small arms and light weapons, as well as common explosives.⁴⁸ Electromagnetic weapons (EMW) also fall under this category [55]. More primitive weapons, such as knifes, axes and the like, are also included in this parameter.

By non-conventional weapons we mean weapons of mass destruction, or weapons that are more indiscriminate in nature than conventional weapons. They include chemical, biological,

radiological and nuclear agents (CBRN).

By hand or power tools we mean the tools or items one uses to physically do damage. Such tools include the items you would need to damage the physical or electronic infrastructure of the storage facility, for example if you wish to force entry. These tools do not refer to actions requiring the weapons described above. Instead, we refer to a pin or otherwise specialised tool to pick a lock, or pliers to cut a cable. Another example would be if one simply wishes to wreak havoc, for example by using a sledge hammer on a control panel which for instance puts various monitoring systems out of action. The tools and the level of competence required to use them have various levels of sophistication. Hand and power tools also mean such tools you would need if the purpose is to simply damage computer resources or hardware, without any hope of extracting any information.

By malicious transmitters we mean the equipment or device needed when the purpose is to damage or extract the information, but where such operations require physical proximity to be able to perform the act. Examples include, but are not limited to, malicious transmitters either clipped directly onto cables to receive the information flowing through them or transmitters handheld near enough to computer resources to receive the signals. The act and tools required to rewire certain cables are also included in this parameter.

By software tools we mean any kind of malware or spyware that can be placed on computer resources, as they are connected to wider computer networks and, as such, more susceptible to hacks. Here we refer to a hack as secretly gaining unauthorised access to someone else’s computer for malicious purposes [72]. The malware and spyware can include, but are not limited to, viruses, worms, Trojans, fake antivirus malware, etc.

48 For a more detailed listing of all the weapons that are included in the categories small arms and light weapons, see [73].

Lastly, by monetary means we mean means that are related to money or currency. Capital, in another word. This is a mean used when someone is payed to perform an action, often a malicious action, for you.